Fake Credit Card Reports Distribute Cerber Ransomware


Apparently the Cerber ransomware gang is ready for the holiday season. The criminals have just launched a brand new spam campaign which uses fake credit card reports to trick users into opening a Word file which will download and install Cerber ransomware.

The new spam campaign was registered by the Microsoft Malware Protection Center, who said that this campaign pretend to be pending payments for MasterCard credit cards.

The design of the email is really smart because it plays on everyone’s fear of getting billed for items they haven’t purchased.

The email uses a sense of urgency to trick victims into opening a password-protected Word document that contains instructions on how to cancel this operation.

Most banks send customers password-protected files because email scanning systems and anti-malware products can’t open to scan the email’s attachment.

The file which customers receive with these emails is a Word document that contains an attached macro script. Once the user allows executing the script, it will infect the system with the Cerber ransomware.

When opening the Word document, the users see instructions that resemble a Microsoft tech support page, telling the user to Enable Editing, which allows the macro script to execute.

Unlike the tech-savvy users who stay away from Word files with macro scripts, most regular users just see the message and follow the embedded instructions.

As soon as users allow the macro script to execute, the macro runs a PowerShell script that downloads and installs the Cerber ransomware, which immediately starts encrypting the user’s files.

After seeing a copy of the ransom note, the MalwareHunterTeam stated that the latest version of the Cerber ransomware is currently uncrackable.

So, it’s no wonder that the Cerber gang switch from their classic invoice-themed spam and malvertising campaigns to this fake credit card report.

Some other cybercrime operations have also adopted their tactics and intensified operations for the winter holidays.

According to the Proofpoint team, the activity surrounding the NewPOSthings and ZeusPOS malware families which target Point-of-Sale terminals have quadrupled for the Thanksgiving and the Black Friday sales.

Image Source: Bleeping Computer
Nelly Vladimirova
Nelly Vladimirova has been working as a journalist since 1998 with a main focus on Finance, Economics, and IT. In 2004 she graduated the University of Plovdiv, Bulgaria, as a Bachelor in English Philology and Master in Linguistics and Translation. Later, Nelly received a postgraduate certificate in Business Management from Scott's College, UK. Presently, she is presenting the latest news related to computer security at www.virusguides.com.



Time limit is exhausted. Please reload CAPTCHA.